World's Biggest Cyberattack: Bank hackers steal millions

Posted by Geraldine Hunt on Mon, Feb 16th, 2015

Carbanak cybergang steals $1bn from 100 financial institutions worldwide in the world's biggest bank cyberattack. The starting point of this attack was spear-phishing emails sent to employees. With phishing emails in 2014 up 3X on the previous year (Kaspersky report), spear phishing isn't going away. More than 100 financial institutions in 30 countries have been affected in this targeted attack, reported to be the world's biggest cyberheist. Kaspersky told the Times, "This is likely the most sophisticated attack the world has seen to date in terms of the tactics and methods that cybercriminals have used to remain covert."

Kaspersky Lab, INTERPOL, Europol combine efforts to uncover the criminal plot.

Kaspersky Lab, INTERPOL, Europol and authorities from different countries have combined efforts to uncover the criminal plot behind an unprecedented cyberrobbery. According to Kaspersky (one of the anti-virus components in SpamTitan), up to one billion US dollars was stolen over two years from various financial institutions worldwide.

The cybercriminals, called the Carbanak gang, are believed to come from Russia, Ukraine and other parts of Europe, as well as from China. This cyberheist brings cybercriminal activity to a new level, where criminals steal money directly from banks and avoid targeting end users.

According to Kaspersky Lab data, ‘the Carbanak targets included financial organizations in Russia, USA, Germany, China, Ukraine, Canada, Hong Kong, Taiwan, Romania, France, Spain, Norway, India, the UK, Poland, Pakistan, Nepal, Morocco, Iceland, Ireland, Czech Republic, Switzerland, Brazil, Bulgaria, and Australia’. It is reported that these attacks remain active.

Rigorous security training for all employees is critical.

The starting point of this attack doesn’t seem highly sophisticated. So is it time organisations got back to basics? The cybercriminals’ starting point was a spear-phishing email. This allowed them to enter an employee’s PC, infecting the network with Carbanak malware.

According to Kaspersky ‘they were then able to jump into the internal network and track down administrators’ computers for video surveillance. This allowed them to see and record everything that happened on the screens of staff who serviced the cash transfer systems. In this way the fraudsters got to know every last detail of the bank clerks’ work and were able to mimic staff activity in order to transfer money and cash out.’

Even if its software is unique, a bank cannot get complacent.

“These bank heists were surprising because it made no difference to the criminals what software the banks were using. So, even if its software is unique, a bank cannot get complacent. The attackers didn’t even need to hack into the banks’ services: once they got into the network, they learned how to hide their malicious plot behind legitimate actions. It was a very slick and professional cyber-robbery,” said Sergey Golovanov, Principal Security Researcher at Kaspersky Lab’s Global Research and Analysis Team.

"These attacks again underline the fact that criminals will exploit any vulnerability in any system. It also highlights the fact that no sector can consider itself immune to attack and must constantly address their security procedures. Identifying new trends in cybercrime is one of the key areas where INTERPOL works with Kaspersky Lab in order to help both the public and private sectors better protect themselves from these evolving threats," said Sanjay Virmani, Director of the INTERPOL Digital Crime Centre.

Attackers are persistent, they meticulously research their victims.

We (businesses and consumers) need to look after our own security procedures and ensure as many of these phishing emails as possible are blocked before they even reach the end user. Attackers are persistent, whether they’re trying to trick employees into clicking a bad URL or downloading a malicious plug-in. They meticulously research their victims and work hard to ensure that their story is believed. We need to consider our use of social media and what information is out there that could give criminals an edge in getting you to believe their email is authentic, so that you unwittingly click on that link. Rigorous security training for all employees – not just the IT team – is absolutely critical. Only with employee training and strong security solutions can companies hope to ensure their employees and employee information don’t become a weapon for the bad guys.

Security is best done with a layered approach.

No product is going to secure your network. Something will always get through. Granted, security is best done with a layered approach, but user education is vital.

Those layers include (but are not limited to):

  • Spam filtering – ideally with AV built in; SpamTitan includes double AV of Kaspersky and Clam
  • A/V at the firewall
  • A/V at the email gateway
  • A/V at the desktop/server
  • Following best practices for good password management and regular changing of passwords
  • No open shares or other network services
  • Most important is monitoring all accounts, network activity, groups, etc.

If your users are not trained, you will get compromised. How do you handle spear-phishing threats in your organisation?
